can you run terminal services and domain controller

Can you run a server as a domain controller and a terminal server at the same time?  If so, is there anything specific I have to do?  I tried to set up a terminal server with Active Directory; it told me it needed a domain controller, which meant I had to install the DC software along with DNS. When I went to log in as administrator it did.  But when I went to log in as a user it wouldn't let me. I did put the user in the remote desktop user group.
1 Solution
Yes, because there are special settings in the user profile settings in AD that need to be put in, such as the path for the terminal server session, etc. Look at this link for reference:

I hope this helps.
Note that it is NOT recommended to run terminal services on a DC; for security reasons, because the ability to log on locally allows for more exploits than just network access, and because a terminal server is basically only a workstation that needs to have user applications installed. These applications can weaken the security of the machine as well, and they can make it more unstable. It's better to invest in a dedicated terminal server (which might actually save money -- or what does it cost if your DC/TS dies because of an end-user application going crazy, and you'll have to restore it while nobody can log on and work?).
That said:
Create a new domain local security group "D-RemoteDesktopDC" or whatever.
Open the Terminal Services Configuration MMC from the Administrative Tools start menu; open the properties of the Rdp-tcp protocol under "Connections", go to the Security tab.
Add the group you just created, and give it "User Access" and "Guest Access".
From the Administrative Tools start menu start the Security Policy for Domain Controllers.
Go to Windows Settings > Security Settings > Local Policies > User Rights Assignments; open the "Log on locally" right, add the group from above here as well.
Now you can add a global group with your remote desktop users to the domain local group, and they'll be able to log on through RDP.
SBryden (Author) commented:
Thank you very much for this answer.  I have told my boss of this information.
